chartutil: add Literal mode to ValuesReference (helm --set-literal semantics)#1218
Open
gecube wants to merge 1 commit into
Open
chartutil: add Literal mode to ValuesReference (helm --set-literal semantics)#1218gecube wants to merge 1 commit into
gecube wants to merge 1 commit into
Conversation
When a HelmRelease consumer references a ConfigMap or Secret via valuesFrom with a targetPath set, the referenced value is currently fed to Helm's strvals.ParseInto parser — the same parser as `helm --set`. That treats commas, square brackets, braces and equal signs in the value as syntactic metacharacters, so arbitrary file content (Spring application.yml with flow sequences, HOCON application.conf, JSON, multi-line strings with trailing commas, …) is misparsed or causes hard errors like `error parsing index: strconv.Atoi: parsing " \"foo\", \"bar\" "`. The existing single/double-quote workaround (introduced in helm-controller fluxcd#298) is impractical for delivering raw config files from kustomize configMapGenerator / secretGenerator: the generated CM data is the file content as-is, with no opportunity to wrap it. This commit adds a new boolean field `Literal` to meta.ValuesReference. When set together with TargetPath, ChartValuesFromReferences calls a new ReplacePathLiteralValue helper that pre-escapes strvals metacharacters in the value before delegating to strvals.ParseIntoString. The result is a verbatim value preserved at the target path, while the path itself still honours `\.` escapes (which the alternative helm strvals.ParseLiteralInto does not). Has no effect when TargetPath is empty (root YAML merge is unchanged). Default Literal=false preserves backward compatibility with all existing HelmReleases. Resolves fluxcd/helm-controller#1317, addresses parts of fluxcd#460, fluxcd#853, flux2#1756. The CRD schema bump and consumer wiring in helm-controller is a separate follow-up PR. Signed-off-by: George Gaál <gb12335@gmail.com>
gecube
force-pushed
the
feat/valuesfrom-literal
branch
from
b4592f9 to
53e9227
Compare
gecube
added a commit
to gecube/helm-controller
that referenced
this pull request
May 25, 2026
Exposes the new `literal` field on `valuesFrom` entries, mirroring the addition to `meta.ValuesReference` in fluxcd/pkg#1218. When set together with `targetPath`, the referenced value is passed to Helm verbatim (equivalent of `helm --set-literal`) instead of being parsed by `strvals.ParseInto`, so file content containing commas, brackets, braces or equal signs survives the round-trip intact. This commit ships only the OpenAPI schema (so the field is validated by the API server) and the user-facing documentation. The runtime support lives in fluxcd/pkg/chartutil; once that PR merges and a `fluxcd/pkg` release is cut, a follow-up will bump the dependency here so helm-controller actually honours the field. Until then, setting `literal: true` is accepted by the API but has no effect — the field is forward-compatible. Addresses fluxcd#1317. Signed-off-by: George Gaál <gb12335@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Problem
When a
HelmReleaseconsumes aConfigMaporSecretviavaluesFromwith atargetPathset, the referenced value is currently passed to Helm'sstrvals.ParseInto— the same parser ashelm --set. That treats,,[,],{,},=and\in the value as syntactic metacharacters, so arbitrary file content (Springapplication.ymlwith flow sequences, HOCONapplication.conf, JSON blobs, multi-line YAML with trailing commas, …) is misparsed or fails outright with errors like:The single/double-quote workaround introduced in helm-controller#298 (
'<value>'→ParseIntoString) is impractical for delivering raw config files via kustomizeconfigMapGenerator/secretGenerator: the generated CM data is the file content as-is, with no opportunity to wrap it without sidecar files or build steps. Flux's kustomize-controller explicitly disables Kustomize plugins (PluginConfig: kustypes.DisabledPluginConfig()), so a transformer-based workaround isn't available either.Solution
Adds a
Literal boolfield tometa.ValuesReference. WhenLiteral: truetogether withTargetPath,ChartValuesFromReferencescalls a newReplacePathLiteralValuehelper instead ofReplacePathValue. The helper pre-escapes strvals metacharacters in the value, then delegates tostrvals.ParseIntoString— that combination yields:,/[/{/=interpretation; no type coercion to int/bool/list/map).externalConfig.application\.yml.contentresolves to the literal keyapplication.yml, which the alternativestrvals.ParseLiteralIntodoes not).Literalhas no effect whenTargetPathis empty (the root YAML-merge path is unchanged). DefaultLiteral: falseis fully backward compatible.Why not
strvals.ParseLiteralInto?It is the obvious choice and was the first thing I tried. It correctly preserves value metacharacters, but does not support
\.escapes in the path:Charts that use filenames as map keys (a common Helm pattern for per-file config) need the
\.escape, so I went with pre-escaping the value and routing throughParseIntoString. Documented in the function doc comment.API
Tests
chartutil/values_test.gogains:TestChartValuesFromReferences— new cases:non-literal target path mangles value with commas— pinning the current bug as a regression test.literal target path preserves helm-set metacharacters— Spring-style YAML with flow sequence.literal target path preserves multi-line HOCON with equals and braces— HOCON content read from a Secret.literal flag without targetPath is ignored (root YAML merge)— documents the no-effect branch.TestReplacePathLiteralValue— 10 unit cases covering commas, braces, brackets, equals, multi-line YAML, HOCON, JSON, boolean-shaped strings, and the\.path escape.All existing tests continue to pass.
Backward compatibility
omitempty; defaults tofalse.*out = *in) —ValuesReferenceis a plain value type, no regeneration needed.ReplacePathValuewhenLiteral: false).Follow-up
This PR ships the API + behaviour in
fluxcd/pkg. A follow-up PR influxcd/helm-controllerwill:fluxcd/pkgdependency to a release containing this change.config/crd/bases/helm.toolkit.fluxcd.io_helmreleases.yamlso the field is openAPI-validated by the API server.valuesFrom literalsection todocs/spec/v2/helmreleases.md.Related
--set-literalsemantics invaluesFrom + targetPath)valuesFrom)--set-literalupstream in helm#9182 (v3.12); this brings the equivalent to Flux.